The salt master daemon requires /dev/shm access for creating and managing semaphores. Traceback (most recent call last): File "/usr/lib/python-exec/python2.7/salt-master", line 10, in <module> salt_master() File "/usr/lib64/python2.7/site-packages/salt/scripts.py", line 50, in salt_master master.start() File "/usr/lib64/python2.7/site-packages/salt/cli/daemons.py", line 149, in start self.prepare() File "/usr/lib64/python2.7/site-packages/salt/cli/daemons.py", line 130, in prepare self.master = salt.master.Master(self.config) File "/usr/lib64/python2.7/site-packages/salt/master.py", line 304, in __init__ SMaster.__init__(self, opts) File "/usr/lib64/python2.7/site-packages/salt/master.py", line 89, in __init__ SMaster.aes = multiprocessing.Array(ctypes.c_char, salt.crypt.Crypticle.generate_key_string()) File "/usr/lib64/python2.7/multiprocessing/__init__.py", line 260, in Array return Array(typecode_or_type, size_or_initializer, **kwds) File "/usr/lib64/python2.7/multiprocessing/sharedctypes.py", line 119, in Array lock = RLock() File "/usr/lib64/python2.7/multiprocessing/__init__.py", line 183, in RLock return RLock() File "/usr/lib64/python2.7/multiprocessing/synchronize.py", line 172, in __init__ SemLock.__init__(self, RECURSIVE_MUTEX, 1, 1) File "/usr/lib64/python2.7/multiprocessing/synchronize.py", line 75, in __init__ sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue) OSError: [Errno 13] Permission denie type=AVC msg=audit(1431173657.132:221): avc: denied { getattr } for pid=2488 comm="salt-master" name="/" dev="tmpfs" ino=1322 scontext=system_u:system_r:salt_master_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=0 type=AVC msg=audit(1431173769.340:227): avc: denied { create } for pid=2616 comm="salt-master" name="sem.HES7e4" scontext=system_u:system_r:salt_master_t:s0 tcontext=system_u:object_r:salt_master_tmpfs_t:s0 tclass=file permissive=0 Creating a salt_master_tmpfs_t with the proper filetrans should do it. Reproducible: Always
Fixed in repo, will be part of r6
r6 policy is in ~arch
Now stable